Fixed by adding "fips = no" to the stunnel config file. I don't remember what version was of stunnel I had before but apparently 4.56 enables it by default.
On Sun, Jan 5, 2014 at 5:01 PM, slamp slamp <slackamp@xxxxxxxxx> wrote:
Hello All,Anyone able to use stunnel successfully in Fedora 20? It has been working for me for awhile prior to upgrading.Stunnel starts up fine, but as soon as it is used, it crashes but no indication as to why.I really only use stunnel to interface my sendmail with my ISP, if there is a simple way of doing this with sendmail, I'll remove stunnel.I believe I am using a simple config:$ cat /etc/stunnel/stunnel.conf; Some performance tuningssocket = l:TCP_NODELAY=1socket = r:TCP_NODELAY=1; Some debugging stuff useful for troubleshootingdebug = 7output = /var/log/stunnel.log; Use it for client modeclient = yesverify = 0; Service-level configuration
[pseudo-ssmtp]accept = relay-domain:2525connect = smtp.verizon.net:465------------------logs:2014.01.05 15:51:42 LOG7[613:3071158144]: Clients allowed=5002014.01.05 15:51:42 LOG5[613:3071158144]: stunnel 4.56 on i686-redhat-linux-gnu platform2014.01.05 15:51:42 LOG5[613:3071158144]: Compiled/running with OpenSSL 1.0.1e-fips 11 Feb 20132014.01.05 15:51:42 LOG5[613:3071158144]: Threading:PTHREAD Sockets:POLL,IPv6 SSL:ENGINE,OCSP,FIPS Auth:LIBWRAP2014.01.05 15:51:42 LOG5[613:3071158144]: Reading configuration from file /etc/stunnel/stunnel.conf2014.01.05 15:51:42 LOG5[613:3071158144]: FIPS mode is enabled2014.01.05 15:51:42 LOG7[613:3071158144]: Compression not enabled2014.01.05 15:51:42 LOG7[613:3071158144]: Snagged 64 random bytes from /dev/urandom2014.01.05 15:51:42 LOG7[613:3071158144]: PRNG seeded successfully2014.01.05 15:51:42 LOG6[613:3071158144]: Initializing service [pseudo-ssmtp]2014.01.05 15:51:43 LOG7[613:3071158144]: SSL options set: 0x000000042014.01.05 15:51:43 LOG5[613:3071158144]: Configuration successful2014.01.05 15:51:43 LOG7[613:3071158144]: Service [pseudo-ssmtp] (FD=12) bound to 127.0.0.1:25252014.01.05 15:51:43 LOG7[737:3071158144]: Created pid file /var/run/stunnel.pid2014.01.05 16:21:57 LOG7[737:3071158144]: Service [pseudo-ssmtp] accepted (FD=3) from 127.0.0.1:340072014.01.05 16:21:57 LOG7[737:3078183744]: Service [pseudo-ssmtp] started2014.01.05 16:21:57 LOG7[737:3078183744]: Waiting for a libwrap process2014.01.05 16:21:57 LOG7[737:3078183744]: Acquired libwrap process #02014.01.05 16:21:57 LOG7[737:3078183744]: Releasing libwrap process #02014.01.05 16:21:57 LOG7[737:3078183744]: Released libwrap process #02014.01.05 16:21:57 LOG7[737:3078183744]: Service [pseudo-ssmtp] permitted by libwrap from 127.0.0.1:340072014.01.05 16:21:57 LOG5[737:3078183744]: Service [pseudo-ssmtp] accepted connection from 127.0.0.1:340072014.01.05 16:21:57 LOG6[737:3078183744]: connect_blocking: connecting 206.46.232.100:4652014.01.05 16:21:57 LOG7[737:3078183744]: connect_blocking: s_poll_wait 206.46.232.100:465: waiting 10 seconds2014.01.05 16:21:57 LOG5[737:3078183744]: connect_blocking: connected 206.46.232.100:4652014.01.05 16:21:57 LOG5[737:3078183744]: Service [pseudo-ssmtp] connected remote server from 172.16.133.25:564572014.01.05 16:21:57 LOG7[737:3078183744]: Remote socket (FD=14) initialized2014.01.05 16:21:57 LOG7[737:3078183744]: SNI: sending servername: smtp.verizon.net2014.01.05 16:21:57 LOG7[737:3078183744]: SSL state (connect): before/connect initialization2014.01.05 16:21:57 LOG7[737:3078183744]: SSL state (connect): SSLv3 write client hello A2014.01.05 16:21:57 LOG7[737:3078183744]: SSL state (connect): SSLv3 read server hello A2014.01.05 16:21:57 LOG7[737:3078183744]: Starting certificate verification: depth=3, /C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust Global Root2014.01.05 16:21:57 LOG6[737:3078183744]: CERT: Verification not enabled2014.01.05 16:21:57 LOG5[737:3078183744]: Certificate accepted: depth=3, /C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust Global Root2014.01.05 16:21:57 LOG7[737:3078183744]: Starting certificate verification: depth=3, /C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust Global Root2014.01.05 16:21:57 LOG6[737:3078183744]: CERT: Verification not enabled2014.01.05 16:21:57 LOG5[737:3078183744]: Certificate accepted: depth=3, /C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust Global Root2014.01.05 16:21:57 LOG7[737:3078183744]: Starting certificate verification: depth=2, /C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root2014.01.05 16:21:57 LOG6[737:3078183744]: CERT: Verification not enabled2014.01.05 16:21:57 LOG5[737:3078183744]: Certificate accepted: depth=2, /C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root2014.01.05 16:21:57 LOG7[737:3078183744]: Starting certificate verification: depth=1, /O=Cybertrust Inc/CN=Cybertrust Public SureServer SV CA2014.01.05 16:21:57 LOG6[737:3078183744]: CERT: Verification not enabled2014.01.05 16:21:57 LOG5[737:3078183744]: Certificate accepted: depth=1, /O=Cybertrust Inc/CN=Cybertrust Public SureServer SV CA2014.01.05 16:21:57 LOG7[737:3078183744]: Starting certificate verification: depth=0, /C=US/ST=Texas/L=Irving/O=Verizon Data Services LLC/OU=SLB Mail/CN=smtp.verizon.net2014.01.05 16:21:57 LOG6[737:3078183744]: CERT: Verification not enabled2014.01.05 16:21:57 LOG5[737:3078183744]: Certificate accepted: depth=0, /C=US/ST=Texas/L=Irving/O=Verizon Data Services LLC/OU=SLB Mail/CN=smtp.verizon.net2014.01.05 16:21:57 LOG7[737:3078183744]: SSL state (connect): SSLv3 read server certificate A2014.01.05 16:21:57 LOG7[737:3078183744]: SSL state (connect): SSLv3 read server key exchange A2014.01.05 16:21:57 LOG7[737:3078183744]: SSL state (connect): SSLv3 read server done A
-- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
